I'm looking for an exploit for the vulnerability CVE-2022-29248; the target is most likely running PHPMailer.
Here is the report:
Code:
Package: phpmailer/phpmailer
Version: 6.3.0
CVE: CVE-2020-36326
Title: Deserialization of Untrusted Data
Description: PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar
Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE 2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames
were always considered unreadable by PHPMailer, even in safe contexts. As an unintended
side effect, this fix eliminated the code that blocked addAttachment exploitation.
CVSS V2: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS V3: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-502